Better password policy improves security

A new NIST guideline as a foundation for password policy.

Use password policy to improve security

The National Institute of Standards and Technology (NIST) has released new Digital Identity Guidelines. Why is this important? Managing digital identities is an important aspect of information security. This NIST document is a great foundation on which to build a password policy which will enable users to better develop their security skills. And that is in everyone’s best interest. Organizations must take it upon themselves to do all they can to promote safe yet frictionless best practices.

The NIST recommends:

  • Removing all password complexity rules
  • A strict 8-character minimum with up-to-64-character maximum
  • The elimination of periodic password resets
  • Enabling the “Show Password” option while typing
  • Allowing the paste function in password fields

Organizations that are serious about security will follow up with a comprehensive program of user training, detailing why each measure is in place. This will make staff feel they are partners in securing information and the organization. Taking some time to help users understand what constitutes good password management is essential.

Multi-factor authentication

To make sure users and data are protected, organizations need to transition to multi-factor authentication, commonly referred to as 2FA (2-Factor Authentication). The NIST requires 2FA for any personal information available online. 2FA verification requires users to demonstrate at least two of the following:

  • Something you know (ex. password)
  • Something you have (ex. phone)
  • Something you are (ex. fingerprint)

With the ever-rising need to securely identify themselves to access information, users must be given simple yet secure guidelines regarding passwords. An organization must take it upon itself to make every effort to build robust digital identity procedures. Taking a look at the NIST Digital Identity Guidelines can be time well spent.

To help your people improve their security mindset through smart user identification policy, get in touch. Contact us